F



Index



failure handling
fastcalls
fclose( ) function
fcntl( ) function
feasibility studies (SDLC)
Feng, Dengguo
Ferguson, Niels
fgets( ) function 2nd
fields, hidden fields, auditing
FIFOs, UNIX
file access
     ASP
     ASP.NET
     Java servlets
     Perl
     PHP
file canonicalization, path metacharacters
file descriptors
     UNIX
file handlers
File I/O API, Windows NT
file inclusion
     ASP
     ASP.NET
     Java servlets
     Perl
     PHP
file paths, truncation
file squatting, Windows NT
file streams, Windows NT
file system IDs, Linux
file system layout
file systems
     OS interaction
         execution
         file uploading
         null bytes
         path traversal
         programmatic SSI
     permissions
File Transfer Protocol (FTP) [See FTP (File Transfer Protocol).]
file types, Windows NT
filenames, UNIX
files
     change monitoring
     closing, stdio system
     core files
     opening, stdio system
     reading, stdio system 2nd
     umask
     UNIX 2nd 3rd
         boot files
         creating
         descriptors
         device files
         directories
         filenames
         IDs
         inodes
         kernel files
         libraries
         links 2nd
         log files
         named pipes
         pathnames
         paths
         permissions
         personal user files
         proc file system
         program configuration files
         program files
         race conditions
         security
         sharing
         stdio file interface
         system configuration files
         temporary files
     uploading, security
     Windows NT
         canonicalization
         case sensitivity
         device files
         DOS 8.3 filenames
         extraneous filename characters
         File I/O API
         file open audits
         file squatting
         file streams
         file types
         links
         permissions
     writing to, stdio system
Filesystem Hierarchy Standard, UNIX
filtering metacharacters
     character stripping vulnerabilities
     escaping metacharacters
     insufficient filtering
     metacharacter evasion
filters
     explicit allow filters (white lists), metacharacters
     explicit deny filters (black lists), metacharacters
Finding Return Values listing (7-27)
findings summaries, application review
firewalls 2nd
     attack surfaces
     host-based firewalls
     layer 7 inspection
     packet-filtering firewalls
     proxy firewalls
     spoofing attacks 2nd
         close spoofing
         distant spoofing
         encapsulation
         source routing
     stateful firewalls
         directionality
         fragmentation
         stateful inspection firewalls
         TCP (Transmission Control Protocol)
         UDP (User Datagram Protocol)
     stateless firewalls
         fragmentation
         FTP (File Transfer Protocol)
         TCP (Transmission Control Protocol)
         UDP (User Datagram Protocol)
flags
     ACEs
     TCP connections
     URG flags, TCP (Transmission Control Protocol)
floating points, conversions
floating types, C programming language
floats
flow analysis
flow transfer statements, auditing
flow, control flow, auditing
fopen( ) function
fork( ) function 2nd
format specifiers
Format String Vulnerability in a Logging Routine listing (8-17)
Format String Vulnerability in WU-FTPD listing (8-16)
format strings
formats, metacharacters
     format strings
     path metacharacters
     Perl open( ) function
     shell metacharacters
     SQL queries
forms (HTTP)
forward( ) method, Java servlets
forward-tracing code
fprintf( ) function
fragmentation
     IP (Internet Protocol)
         overlapping fragments
         pathological fragment sets
         processing
     stateful firewalls
     stateless firewalls
     zero-length fragments
Frasunek, Przemyslaw
fread( ) function 2nd
free( ) function 2nd 3rd
FreeBSD
     privileges, dropping temporarily
From header field (HTTP)
fscanf( ) function
fstat( ) function
ftok( ) function
FTP (File Transfer Protocol) 2nd
     active FTP
     passive FTP
     stateless firewalls
fully functional resolvers (DNS)
function pointers
     obfuscation
     registration of
Function Prologue listing (5-1)
function prototypes, C programming language, type conversions
function_A( ) function
function_B( )
function_B( ) function
functions
     _wsprintfW( )
     _xlate_ascii_write( )
     access( )
     AdjustTokenGroups( )
     AdjustTokenPrivileges( )
     alloc( )
     allocation functions, auditing
     apr_palloc( )
     auditing
         argument meaning
         audit logs
         return value testing
         side-effects
     authenticate( )
     bounded string functions 2nd
     BUF_MEM_grow( ) function
     calling conventions
     checkForAnotherInstance( )
     cleanup( )
     cleanup_exit( )
     close( )
     CloseHandle( )
     CoInitializeEx( )
     collecttimeout( )
     ConnectNamedPipe( )
     ConvertSidToStringSid( )
     ConvertStringSidToSid( )
     CoRegisterClassObject( )
     crackaddr( )
     Create*( )
     CreateEvent( )
     CreateFile( ) 2nd 3rd 4th 5th 6th
     CreateHardLink( )
     CreateMutex( ) 2nd
     CreateNamedPipe( ) 2nd
     CreateNewKey( )
     CreatePrivateNamespace( )
     CreateProcess( ) 2nd
     CreateRestrictedToken( )
     CreateSemaphore( )
     CreateWaitableTimer( )
     CRYPTO_realloc_clean( )
     data_xfer( )
     DecodePointer( )
     DecodeSystemPointer( )
     delete_session( )
     DeviceIoControl( )
     DllGetClassObject( )
     dlopen( )
     do_cleanup( )
     do_ip( )
     do_mremap( )
     edit( )
     EncodePointer( )
     EncodeSystemPointer( )
     err( )
     escape_sql( )
     execl( )
     execve( ) 2nd 3rd 4th
     ExpandEnvironmentStrings( )
     fclose( )
     fcntl( )
     fgets( ) 2nd
     fopen( )
     fork( ) 2nd
     fprintf( )
     fread( ) 2nd
     free( ) 2nd 3rd
     fscanf( )
     fstat( )
     ftok( )
     function_A( )
     function_B( )
     get_mac( )
     get_string_from_network( )
     get_user( )
     GetCurrentProcess( )
     GetFullPathName( )
     GetLastError( ) 2nd
     GetMachineName( )
     getrlimit( )
     ImpersonateNamedPipe( )
     initgroups( )
     initialize_ipc( )
     initJobThreads( )
     input_userauth_info_response( )
     invocations, C programming language
     IsDBCSLeadByte( )
     kill( )
     list_add( )
     list_init( )
     longjmp( )
     lreply( )
     lstat( )
     make_table( )
     malloc( ) 2nd
     memset( )
     mkdtemp( )
     mkstemp( )
     mktemp( ) 2nd
     MultiByteToWideChar( ) 2nd
     my_malloc( )
     NtQuerySystemInformation( )
     open( ) 2nd
     OpenFile( )
     OpenMutex( )
     OpenPrivateNamespace( )
     OpenProcess( )
     parent functions, vulnerabilities
     parse_rrecord( )
     php_error_docref( )
     pipe( )
     pop( )
     popen( ) 2nd
     prescan( ) 2nd
     printf( ) 2nd
     process_file( )
     process_login( )
     process_string( )
     process_tcp_packet( )
     process_token_string( )
     processJob( )
     processNetwork( )
     processThread( )
     push( )
     putenv( )
     pw_lock( )
     QueryInterface( )
     read( )
     read_data( )
     read_line( )
     realloc( )
     reentrancy
     RegCloseKey( )
     RegCreateKey( )
     RegCreateKeyEx( ) 2nd
     RegDeleteKey( )
     RegDeleteKeyEx( )
     RegDeleteValue( )
     RegOpenKey( )
     RegOpenKeyEx( )
     RegQueryValue( )
     RegQueryValueEx( )
     retrieve_data( )
     return values
         finding
         ignoring
         misinterpreting
     rfork( )
     RpcBindingInqAuthClient( )
     RpcServerListen( )
     RpcServerRegisterAuthInfo( )
     RpcServerRegisterIf( )
     RpcServerRegisterIfEx( )
     RpcServerUseProtseq( )
     RpcServerUseProtseqEx( )
     SAPI_POST_READER_FUNC( )
     scanf( )
     search_orders( )
     semget( )
     setegid( )
     setenv( ) 2nd
     seteuid( )
     setgid( )
     setgroups( )
     setjmp( )
     setregid( )
     setresgid( )
     setresuid( )
     setreuid( )
     setrlimit( )
     SetThreadToken( )
     setuid( ) 2nd
     ShellExecute( )
     ShellExecuteEx( )
     side-effects
         referentially opaque side effects
         referentially transparent side effects
     siglongjmp( )
     signal( ) 2nd
     sigsetjmp( )
     sizeof( ) 2nd
     snprintf( ) 2nd 3rd
     socketpair( ) 2nd
     sprintf( ) 2nd 3rd
     stat( )
     strcat( )
     strcpy( ) 2nd
     strlcat( )
     strlcpy( )
     strlen( )
     strncat( )
     strncpy( ) 2nd
     syslog( )
     system( )
     tempnam( )
     TerminateThread( )
     tgetent( )
     time( )
     tmpfile( )
     tmpnam( )
     toupper( )
     try_lib( )
     unbounded string functions
     Unicode
     UNIX
         group ID functions
         user ID functions
     unlink( ) 2nd
     uselib( )
     utility functions, HTTP (Hypertext Transfer Protocol)
     vfork( )
     vreply( )
     vsnprintf( )
     wait functions
     wcsncpy( )
     WideCharToMultiByte( ) 2nd
fuzz testing
     automation objects, COM (Component Object Model)
     code auditing tools




The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities
ISBN: 0321444426
EAN: 2147483647
Year: 2004
Pages: 194
